richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
810 Commits
8 Branches
85 Tags
14 MiB
Tree: 9e021aa919
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9e021aa919'
${ noResults }
shadowsocks-libev/src/acl.c

123 lines
3.2 KiB
Raw Normal View History

add license headers
10 years ago
bump version
10 years ago
add license headers
10 years ago
Replace libasyncns with libudns
10 years ago
add license headers
10 years ago
add acl module
10 years ago
add domain acl support
10 years ago
fix header
10 years ago
add acl module
10 years ago
add acl to server
10 years ago
refine local proxy for acl support
10 years ago
add acl to server
10 years ago
ipset works now
10 years ago
fix the issue introduced by newline
10 years ago
ipset works now
10 years ago
bump version
10 years ago
ipset works now
10 years ago
bump version
10 years ago
add acl to server
10 years ago
ipset works now
10 years ago
bump version
10 years ago
add acl to server
10 years ago
ipset works now
10 years ago
refine local proxy for acl support
10 years ago
add domain acl support
10 years ago
refine local proxy for acl support
10 years ago
add acl to server
10 years ago
refine local proxy for acl support
10 years ago
bump version
10 years ago
refine library interface
10 years ago
refine local proxy for acl support
10 years ago
bump version
10 years ago
fix the issue introduced by newline
10 years ago
bump version
10 years ago
fix the issue introduced by newline
10 years ago
add acl to server
10 years ago
refine local proxy for acl support
10 years ago
add acl to server
10 years ago
bump version
10 years ago
add acl to server
10 years ago
bump version
10 years ago
add acl to server
10 years ago
bump version
10 years ago
add domain acl support
10 years ago
refine local proxy for acl support
10 years ago
add acl to server
10 years ago
refine local proxy for acl support
10 years ago
bump version
10 years ago
add acl module
10 years ago
add acl to server
10 years ago
bump version
10 years ago
add domain acl support
10 years ago
add acl to server
10 years ago
add acl module
10 years ago
  1. /*
  2. * acl.c - Manage the ACL (Access Control List)
  3. *
  4. * Copyright (C) 2013 - 2015, Max Lv <max.c.lv@gmail.com>
  5. *
  6. * This file is part of the shadowsocks-libev.
  7. *
  8. * shadowsocks-libev is free software; you can redistribute it and/or modify
  9. * it under the terms of the GNU General Public License as published by
  10. * the Free Software Foundation; either version 3 of the License, or
  11. * (at your option) any later version.
  12. *
  13. * shadowsocks-libev is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU General Public License
  19. * along with shadowsocks-libev; see the file COPYING. If not, see
  20. * <http://www.gnu.org/licenses/>.
  21. */
  23. #include <ipset/ipset.h>
  25. #include "utils.h"
  27. static struct ip_set acl_ipv4_set;
  28. static struct ip_set acl_ipv6_set;
  30. static void parse_addr_cidr(const char *str, char *host, int *cidr)
  31. {
  32. int ret = -1, n = 0;
  33. char *pch;
  35. pch = strchr(str, '/');
  36. while (pch != NULL) {
  37. n++;
  38. ret = pch - str;
  39. pch = strchr(pch + 1, '/');
  40. }
  41. if (ret == -1) {
  42. strcpy(host, str);
  43. *cidr = -1;
  44. } else {
  45. memcpy(host, str, ret);
  46. host[ret] = '\0';
  47. *cidr = atoi(str + ret + 1);
  48. }
  49. }
  51. int init_acl(const char *path)
  52. {
  53. // initialize ipset
  54. ipset_init_library();
  55. ipset_init(&acl_ipv4_set);
  56. ipset_init(&acl_ipv6_set);
  58. FILE *f = fopen(path, "r");
  59. if (f == NULL) {
  60. LOGE("Invalid acl path.");
  61. return -1;
  62. }
  64. char line[256];
  65. while (!feof(f)) {
  66. if (fgets(line, 256, f)) {
  67. // Trim the newline
  68. int len = strlen(line);
  69. if (len > 0 && line[len - 1] == '\n') {
  70. line[len - 1] = '\0';
  71. }
  73. char host[256];
  74. int cidr;
  75. parse_addr_cidr(line, host, &cidr);
  77. struct cork_ip addr;
  78. int err = cork_ip_init(&addr, host);
  79. if (!err) {
  80. if (addr.version == 4) {
  81. if (cidr >= 0) {
  82. ipset_ipv4_add_network(&acl_ipv4_set, &(addr.ip.v4), cidr);
  83. } else {
  84. ipset_ipv4_add(&acl_ipv4_set, &(addr.ip.v4));
  85. }
  86. } else if (addr.version == 6) {
  87. if (cidr >= 0) {
  88. ipset_ipv6_add_network(&acl_ipv6_set, &(addr.ip.v6), cidr);
  89. } else {
  90. ipset_ipv6_add(&acl_ipv6_set, &(addr.ip.v6));
  91. }
  92. }
  93. }
  94. }
  95. }
  97. fclose(f);
  99. return 0;
  100. }
  102. void free_acl(void)
  103. {
  104. ipset_done(&acl_ipv4_set);
  105. ipset_done(&acl_ipv6_set);
  106. }
  108. int acl_contains_ip(const char * host)
  109. {
  110. struct cork_ip addr;
  111. int err = cork_ip_init(&addr, host);
  112. if (err) {
  113. return 0;
  114. }
  116. if (addr.version == 4) {
  117. return ipset_contains_ipv4(&acl_ipv4_set, &(addr.ip.v4));
  118. } else if (addr.version == 6) {
  119. return ipset_contains_ipv6(&acl_ipv6_set, &(addr.ip.v6));
  120. }
  122. return 0;
  123. }